Privacy policy pursuant to Articles 13/14 Regulation (EU) 2016/679 (GDPR)

WeRoad S.r.l.
a company belonging to OneDay Group, which has its registered office in Milan, Viale Cassala, 30, 20143, Italy, Tax Code and VAT 10380820968

JOINTLY CONTROLLERS:

WeRoad Italia Srl
Viale Cassala 30, 20143, Milano, Italy – PIVA 12474100968

WeRoad UK Ltd
Alphabeta Building 18, Finsbury Square, London, England, EC2A 1AH

WeRoad France SAS
Rue D’Amsterdam 57, 75008, Paris, France – SIREN 917797789

WeRoad Viajes S.L.
Calle Escalinata 3, 28013, Madrid, Spain

WeRoad Germany GmbH
Rudi-Dutschke-Straße 23, 10969, Berlin, German

WeRoad Swiss Sagl

Via Lugano 13, 6982, Agno, Switzerland

(“Joint Controller”).

The Joint Data Controllers have signed a data joint controller agreement, pursuant to art. 26 of the GDPR, whose essential content can be viewed by interested parties upon request to be sent by email.

Contacts:

TYPE OF DATA PROCESSED

Personal data

  • Personal and contact details (email and mobile phone)
  • Data relating to professional skills and career and in general the data contained in the CV
  • Image and voice of the applicant included in the presentation video
    personal website
  • Portfolio
  • Data contained in cover letters

Special Data

  • Special categories of data such as situations of disability, illness, pregnancy, accident, health data relating to suitability for certain jobs, belonging to protected categories etc.

(“Data”)

SOURCE OF PROCESSED DATA

  • “Career” section included in each Joint Controller’s website
  • Application on LinkedIn and other job boards
  • Email
  • Instagram messages to the Joint Controller

Purpose of the processing
LEGAL OBLIGATIONS
for the fulfillment of obligations established by law, regulations, collective agreements and, in general, by the legislation applicable from time to time to the employment relationship

Legal basis
The processing is necessary for the fulfillment of a legal obligation to which the Joint Data Controller is subject (Article 6, paragraph 1 letter c) GDPR).

Nature of the provision
Necessary to comply with legal obligations.
Any refusal to provide the requested data or their inaccuracy could make it impossible to establish and / or continue the employment relationship with WEROAD.

Purpose of the processing
SELECTION AND EVALUATION OF THE CANDIDATE’S PROFESSIONAL PROFILE
– to examine the application
– to assess the candidate

Legal basis
The processing is necessary for the execution of a contract of which you are a party or for the execution of pre-contractual measures in connection with the submission of your professional application (Article 6, paragraph 1, letter b) GDPR).

Nature of the provision
Necessary.
Any refusal to provide the requested data or their inaccuracy could make it impossible to be evaluated for a position by WEROAD.

Purpose of the processing
KEEP THE CANDIDATE’S CURRICULUM VITAE
– to assess the suitability to new job positions

Legal basis
The legal basis for the processing of data is art. 6, par. 1, letter. f) GDPR, the legitimate interest of the Joint Data Controller.

Nature of the provision
Optional.
Any refusal could make it impossible to be evaluated for a future position by WEROAD.

DATA RETENTION PERIOD

The data will be processed and stored for the entire period of the job opening (in case of positive outcome of the application, the data will be processed and stored according to our employee’s privacy policy). 

Subsequently, the data will be kept for 2 years following the end of the selection phase, or for a period of five years for purposes of judicial defense of the rights of the Joint Data Controller.

Furthermore, and without prejudice to the above, the Joint Data Controller undertakes to base the processing of Personal Data on the principles of minimization, verifying on an annual basis the need for their retention for a period of time not exceeding that required by the purposes for which the data were collected and processed. The Joint Data Controller may retain Personal Data to comply with the law or to exercise or defend any right or claim in legal proceedings. Once the purposes for which the Personal Data were collected and processed have been achieved, the Joint Data Controller will implement appropriate measures to anonymize them, so that the data subject cannot be identified.

RECIPIENTS/CATEGORIES OF RECIPIENTS OF THE DATA 

The Data will be processed by employees of the Joint Data Controller expressly authorized to process the Data on the basis of instructions and subject to the adoption of appropriate measures to protect the Data in relation to all the purposes indicated above.

The following subjects may become aware of the  Data in relation to the  processing purposes set out in this privacy policy and may process the Data both as independent data controllers and as data processors duly appointed by  the Joint Data Controller (the list of such processors and autonomous data controllers is available upon request via e-mail to be sent to [email protected] ):

  • the parent company OneDay S.r.l. which deals with the management of human resources of the subsidiaries of the so-called OneDay Group;
  • human resources  service providers, IT service providers for the management of contact and e-mail databases, digital service providers and IT consultants who provide technical assistance to WEROAD; 
  • subsidiaries of the Company belonging to the so-called Oneday Group that provide intragroup services;
  • subjects who can access the Data by virtue of the legal provision provided for by the law of the European Union or by that of the Member State to which the Joint Data Controller  is subject.

DATA TRANSFER TO A NON-EU COUNTRY

The Data will be stored on servers and/or archives located within the European Union or in countries that give adequate guarantees of protection of personal data. 

The Joint Data Controller undertakes to transfer personal data to third countries:

  • ensuring that the country to which the personal data will be sent ensures an adequate level of protection, as required by Article 45 of the GDPR; or
  • complying with the standard contractual clauses approved by the European Commission for the transfer of personal information outside the EEA (these clauses are approved under Article 46 (2) of the GDPR).

METHODS OF DATA PROCESSING 

The Data will be processed in compliance with the principles of correctness, lawfulness and transparency, through manual and automated methods and through the use of paper and electronic means, in any case within the limits of the purposes of the processing(s) of the data established by this information and, in any case, always guaranteeing the security and confidentiality of your Data.

RIGHTS OF THE DATA SUBJECTS

You can at any time exercise the following rights under the conditions and within the limits set out in Articles 12-22 of the GDPR by sending an email to [email protected]

  • Right of access (Article 15 GDPR);
  • Right to rectification of inaccurate personal data and to obtain the completion of incomplete personal data (Article 16 GDPR);
  • Right to erasure of personal data (Article 17 GDPR);
  • Right to restriction of processing (Article 18 GDPR);
  • Right to object to processing pursuant to points (e) or (f) of Article 6(1) of the GDPR, including profiling (Article 21 GDPR);
  • Right to lodge a complaint with a supervisory authority (Article 77 GDPR).

In the event that the data subject considers that the processing of personal data carried out by the Joint Data Controller is in violation of the  provisions of Regulation (EU) 2016/679, the data subject has the right to lodge a complaint with the Supervisory Authority, in particular in the Member State in which he/she usually resides or works or in the place where the alleged violation of the regulation occurred (in Italy the Garante per la Protezione dei Dati Personali https://www.garanteprivacy.it/  ) or to act before the appropriate courts.

Updated: August 2023